From: | Thomas Güttler <guettliml(at)thomas-guettler(dot)de> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Row based permissions: at DB or at Application level? |
Date: | 2017-07-25 09:40:03 |
Message-ID: | e662fd8a-6001-514c-71e8-01718444f338@thomas-guettler.de |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
I am thinking about rewriting an existing application which uses PostgreSQL via Django (ORM and Web-Framework written in
Python).
Up to now the permission checks are done at the application level.
Up to now queries like: "Show all items which the current user is allowed to modify" result in complicated SQL and
this leads to slow queries.
Up to now there is one db-user and the application does the filtering of rows to prevent application users to see
items which they are not allowed to see.
I guess most web applications work like this.
I would like to reduce the "ifing and elsing" in my python code (less conditions, less bugs, more SQL, more performance)
How could an application which gets written from scratch use PostgreSQL to implement
row based permissions?
Regards,
Thomas Güttler
--
Thomas Guettler http://www.thomas-guettler.de/
From | Date | Subject | |
---|---|---|---|
Next Message | Daniel Westermann | 2017-07-25 09:56:29 | Re: Row based permissions: at DB or at Application level? |
Previous Message | Adam Šlachta | 2017-07-25 09:32:35 | How to get transaction started always in WRITE mode. |